Toll Group still recovering from ransomware attack


By Dylan Bushell-Embling
Wednesday, 13 May, 2020




Australian logistics company Toll Group has been forced to shut down some core IT systems after falling victim to a ransomware attack for a second time this year.

The attack on 5 May has been confirmed to involve the new Nefilim ransomware, part of a new wave of “double extortion” ransomware attacks in which data is both encrypted and sent to the attackers, who threaten to publish it online if the victim does not pay the ransom.

Toll Group has announced that it had securely reactivated its core IT systems as of 7 May, but that a number of customer-facing applications remained offline as of 11 May. The restoration work is expected to continue throughout this week.

The attack has caused delays in some parts of the network, but Toll has switched to taking bookings over the phone via its call centres, and freight shipments and parcel deliveries are moving “by and large” as normal.

Meanwhile, Toll has revealed it has no intention of paying any ransom, and despite Nefilim’s typical methodology, the company has no evidence to date that any data was exfiltrated from its network.

“We continue to prioritise the movement of essential items including medical and healthcare supplies,” Toll Group’s latest update states. “Email access has been restored for Toll employees who operate on our cloud-based platforms.”

Toll Group added that it is continuing to support its large enterprise customers whose services are affected by the disruption to Toll’s online operations.

The company is working with the Australian Cyber Security Centre (ACSC) to investigate and resolve the incident.

The Nefilim ransomware is commonly distributed through exposed remote desktop protocol (RDP) ports, and uses AES-128 to encrypt a victim’s files.

Toll Group was forced to pull its systems offline in January after falling victim to a major ransomware attack involving the Mailto ransomware.

While at the time ACSC said there was no evidence the attack was part of a broader campaign, rival Henning Harders also suffered a ransomware attack in March.



  • All content Copyright © 2020 Westwick-Farrow Pty Ltd